Upgrade time can be a daunting time specially if you are new or not that confident in performing upgrades, I will be covering the basics of upgrading which will allow you to perform an upgrade of your Debian 11 to a Debian 12 system.
The first thing that you want to do before making any changes is make sure you are familiar with the server and it's primary function, for example is it a mail server, web server database server, file server etc... this will then enable you to test it's primary function once the upgrade has completed and spot any major problems that may crop up.
You will also want to ensure that you have a backup and that you are able to restore that backup in the event that it's required. If it's a virtual machine then take a snapshot if possible. You should also consider how you will access the machine if there are problems, do you have physical access or remote access via an IPKVM/IPMI the last thing you want is for the server to go down in a remote location and you can't get onto it or boot a live cd of some sort to try and fix it.
As a general rule of thumb, the less additional or 3rd party software installed on your system, the higher chance for a successful upgrade, if you have installed any 3rd party software or manually installed software then you should check if this will upgrade with the rest of the system, in some cases you may need to remove the software prior to performing the upgrade.
Before starting the upgrade to Debian 12 you will need to ensure that your system is fully up-to-date
apt update
apt upgrade
apt full-upgrade
Checks for partially installed, missing and obsolete packages.
dpkg -C
Check what packages are held back if any.
apt-mark showhold
Before proceeding make sure you don't have any issues with packages or packages on hold.
The system should now be fully updated with no issues with packages so we can now update the sources.list file with the Debian Stretch sources.
Make a backup the current /etc/apt/sources.list
cp /etc/apt/sources.list /etc/apt/sources.list_backup_`date +%Y-%m-%d_%H-%M`
Edit your sources.list file and update the keyword bullseye
to bookworm
.
Bullseye
deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main
deb http://deb.debian.org/debian-security/ bullseye-security main
deb-src http://deb.debian.org/debian-security/ bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main
Bookworm
deb http://deb.debian.org/debian bookworm main
deb-src http://deb.debian.org/debian bookworm main
deb http://deb.debian.org/debian-security/ bookworm-security main
deb-src http://deb.debian.org/debian-security/ bookworm-security main
deb http://deb.debian.org/debian bookworm-updates main
deb-src http://deb.debian.org/debian bookworm-updates main
or if you are feeling lazy you can use sed
to update your sources lists
sed -i'.bak' 's/bullseye/bookworm/g' /etc/apt/sources.list
If you have other repos that need updating then you can do them.
When upgrading the system will prompt for user input so be aware of this so don't issue the command and run!! After the sources are updated you will need to update the packages list...
]]>When replacing a root ZFS disk in proxmox it's not as simple as just replacing the disk you also need to partition it and install grub.
First off you will need to make sure that you have a replacement disk the same size or larger, most systems will support hot swap but if yours doesn't then you will need to shutdown the server so do ensure you allow time for this specially if you are running a production server with live VPS/Containers
First check the status of your pool
zpool status
pool: rpool
state: DEGRADED
status: One or more devices could not be used because the label is missing or
invalid. Sufficient replicas exist for the pool to continue
functioning in a degraded state.
action: Replace the device using 'zpool replace'.
see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-4J
scan: scrub repaired 0B in 00:03:38 with 0 errors on Sun May 8 00:27:39 2022
config:
NAME STATE READ WRITE CKSUM
rpool DEGRADED 0 0 0
mirror-0 DEGRADED 0 0 0
sda3, UNAVAIL 3 194 0
sdb3, ONLINE 0 0 0
errors: No known data errors
As you will see on rpool this is degraded and one disk is offline sda3, if your disk is not offline then you should take it offline before replacing it run zpool offline rpool /dev/sda3
to take this disk offline.
Once you have the disk ofline you can then replace the disk, if your machine does not support hot swap then shutdown and replace.
After the disk has been replaced check new disk is visible, you can use fdisk -l
to list your disks in this instance the new disk will be sda which is the same as the disk that was replaced this is not always the case and could be labelled as sdc,sde etc....
sgdisk /dev/sdb -R /dev/sda
sgdisk -G /dev/sda
The operation has completed successfully.
3. You now need to resilver/rebuild the ZFS rpool onto the new disk, once you start the resilver process it's advised that you don't reboot your machine until its completed. You can check the status with the command `zpool status` once the rebuild has completed move on to the next step
zpool replace -f rpool /dev/sda3 /dev/sda3
4. With the proxmox-boot-tool to install and setup the efi partition which is setup as partition 2 on the bootable disks setup by the proxmox installer.
proxmox-boot-tool format /dev/sda2
proxmox-boot-tool init...
]]>
When replacing a root ZFS disk in proxmox it's not as simple as just replacing the disk you also need to partition it and install grub.
First off you will need to make sure that you have a replacement disk the same size or larger, most systems will support hot swap but if yours dosnt then you will need to shutdown the server so do ensure you allow time for this specially if you are running a production server with live VPS/Containers
Ffirst offcheck the status of your pool
zpool status
pool: rpool
state: DEGRADED
status: One or more devices has been taken offline by the administrator.
Sufficient replicas exist for the pool to continue functioning in a
degraded state.
action: Online the device using 'zpool online' or replace the device with
'zpool replace'.
scan: scrub repaired 0 in 3h41m with 0 errors on Sat Aug 10 12:34:45 2017
config:
NAME STATE READ WRITE CKSUM
rpool DEGRADED 0 0 0
raidz1-0 DEGRADED 0 0 0
sda2 ONLINE 0 0 0
sdb2 OFFLINE 0 0 0
sdc2 ONLINE 0 0 0
errors: No known data errors
As you will see on rpool this is degraded and one disk is offline sdb2, if your disk is not offline then you should take it offline before replacing it run zpool offline rpool /dev/sdb2
to take this disk offline.
Once you have the disk ofline you can then replace the disk, if your machine does not support hot swap then shutdown and replace.
After the disk has been replaced check new disk is visible, you can use fdisk -l
to list your disks in this instance the new disk will be sdb
sgdisk --replicate=/dev/sdb /dev/sda
sgdisk --randomize-guids /dev/sdb
The operation has completed successfully.
grub-install /dev/sdb
zpool replace rpool /dev/sdb2
You can check the status of the rebuild with zpool status
under the scan section it will details the rebuild progress.
zpool status
pool: rpool
state: DEGRADED
status: One or more devices is currently being resilvered. The pool will
continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
scan: resilver in progress since Tue Sep 12 19:55:07 2017
34.6G scanned out of 576G at 17.75M/s, 8h52m to go
34.6G...
]]>
mdadm --create --verbose /dev/md0 --level=1 /dev/sda1 /dev/sdb2
After we create our raid arrays we add them mdadm.conf depending on your OS this will be in /etc/mdadm.conf or /etc/mdadm/mdadm.conf (debian) we can add the array to the configuration file with the below.
mdadm --detail --scan >> /etc/mdadm.conf
or
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
You can’t remove a disk directly from an array unless it is failed, to remove an active (healthy drive) you first have to fail it before you can remove the drive.
Fail drive
mdadm --fail /dev/md0 /dev/sdb1
Remove drive
mdadm --remove /dev/md0 /dev/sdb1
Alternatively you can fail and remove the disk as a one liner
mdadm /dev/md0 --fail /dev/sdb1 --remove /dev/sdb1
To add or replace a failed disk to an array
mdadm --add /dev/md0 /dev/sdb1
cat /proc/mdstat
To remove a raid array you will have to stop it first and then remove it
mdadm --stop /dev/md0
mdadm --remove /dev/md0
To remove the superblock from the drives
mdadm --zero-superblock /dev/sdb
In this example the disk sdb has failed and been replace, to start the rebuild the disk partitions will need to be copied from the remaining working drive and then the raid set to rebuild.
With this command it will not prompt with any warning so make sure you type correctly as you may add more work for yourself.
sfdisk -d /dev/sda | sfdisk /dev/sdb
This will dump the partition table of sda and copy to sdb replacing all existing partitions. We now need to re add the partitions to the raid replace * with number i.e. sdb1 number depends on the output of cat /proc/mdstat you will need to do this for all partitions.
mdadm /dev/md0 --add /dev/sdb*
You can then watch the status of the rebuild using watch
watch -n 10 cat /proc/mdstat
After the rebuild has completed you may need to reinstall grub if you have replaced a boot drive.
grub-install /dev/sdb
Hope this has helped you, remember to always double check before running commands.
]]>To list what bits are set use ls -lo
No bits set
lsattr
------------- ./testfile.txt
Immutable bit set (see schg flags are set)
lsattr
----i-------- ./testfile.txt
chattr +i testfile.txt
chattr -i testfile.txt
chattr also supports a number of other attributes
Useful options
For more information on the usage of chattr and the attributes that can be set see the man page at https://man7.org/linux/man-pages/man1/chattr.1.html
]]>To list what bits are set use ls -lo
No bits set
ls -lo
drwx------ 3 root wheel uarch 12 Oct 13 2021 testfile.txt
Immutable bit set (see schg flags are set)
ls -lo
drwx------ 3 root wheel schg,uarch 12 Oct 13 2021 testfile.txt
chflags schg testfile.txt
chflags noschg testfile.txt
chflags also supports a number of other flags
Debian Name | Debian Version | Ubuntu Name | Ubuntu Version |
---|---|---|---|
bullseye | 11 | impish | 21.1 |
bullseye | 11 | hirsute | 21.04 |
bullseye | 11 | groovy | 20.1 |
bullseye | 11 | focal | 20.04 |
buster | 10 | eoan | 19.1 |
buster | 10 | disco | 19.04 |
buster | 10 | cosmic | 18.1 |
buster | 10 | bionic | 18.04 |
stretch | 9 | artful | 17.1 |
stretch | 9 | zesty | 17.04 |
stretch | 9 | yakkety | 16.1 |
stretch | 9 | xenial | 16.04 |
jessie | 8 | wily | 15.1 |
jessie | 8 | vivid | 15.04 |
jessie | 8 | utopic | 14.1 |
jessie | 8 | trusty | 14.04 |
wheezy | 7 | saucy | 13.1 |
wheezy | 7 | raring | 13.04 |
wheezy | 7 | quantal | 12.1 |
wheezy | 7 | precise | 12.04 |
wheezy | 7 | oneiric | 11.1 |
squeeze | 6 | natty | 11.04 |
squeeze | 6 | maverick | 10.1 |
squeeze | 6 | lucid | 10.04 |
Upgrade time can be a daunting time specially if you are new or not that confident in performing upgrades, I will be covering the basics of upgrading which will allow you to perform an upgrade of your Debian 10 to a Debian 11 system.
The first thing that you want to do before making any changes is make sure you are familiar with the server and it's primary function, for example is it a mail server, web server database server, file server etc... this will then enable you to test it's primary function once the upgrade has completed and spot any major problems that may crop up.
You will also want to ensure that you have a backup and that you are able to restore that backup in the event that it's required. If it's a virtual machine then take a snapshot if possible. You should also consider how you will access the machine if there are problems, do you have physical access or remote access via an IPKVM/IPMI the last thing you want is for the server to go down in a remote location and you can't get onto it or boot a live cd of some sort to try and fix it.
As a general rule of thumb, the less additional or 3rd party software installed on your system, the higher chance for a successful upgrade, if you have installed any 3rd party software or manually installed software then you should check if this will upgrade with the rest of the system, in some cases you may need to remove the software prior to performing the upgrade.
Before starting the upgrade to Debian 11 you will need to ensure that your system is fully up-to-date
apt-get update
apt-get upgrade
apt-get dist-upgrade
Checks for partially installed, missing and obsolete packages.
dpkg -C
Check what packages are held back if any.
apt-mark showhold
Before proceeding make sure you don't have any issues with packages or packages on hold.
The system should now be fully updated with no issues with packages so we can now update the sources.list file with the Debian Stretch sources.
Make a backup the current /etc/apt/sources.list
cp /etc/apt/sources.list /etc/apt/sources.list_backup_`date +%Y-%m-%d_%H-%M`
Edit your sources.list file and update the keyword buster
to bullseye
.
Buster
deb http://ftp.uk.debian.org/debian buster main
deb http://ftp.uk.debian.org/debian buster-updates main
deb http://security.debian.org buster/updates main
Bullseye
deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main
deb http://deb.debian.org/debian-security/ bullseye-security main
deb-src http://deb.debian.org/debian-security/ bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main
If you have other repos that need updating then you can do them.
When upgrading the system will prompt for user input so be aware of this so don't issue the command and run!! After the sources are updated you will need to update the packages list then start the upgrade process
apt-get update
apt-get upgrade
apt-get dist-upgrade
You should now have your system fully upgraded to Debian 11 Bullseye, reboot and then check services are working as...
]]>Upgrade time can be a daunting time specially if you are new or not that confident in performing upgrades, I will be covering the basics of upgrading which will allow you to perform an upgrade of your Debian 9 system to a Debian 10 system.
The system that I last performed the upgrade on was my personal Gitlab CE server so I will add a little at the end for gitlab-ce. The first thing that you want to do before making any changes is make sure you are familior with the server and it's primary function, for example is it a mail server, web server database server,file server etc... this will then enable you to test it's primary function once the upgrade has completed and spot any major problems that may crop up.
You will also want to ensure that you have a backup and that you are able to restore that backup in the event that it's required. If it's a virtual machine then take a snapshot if possible. You should also consider how you will access the machine if there are problems, do you have physical access or remote access via an IPKVM/IPMI the last thing you want is for the server to go down in a remote location and you can't get onto it or boot a live cd of some sort to try and fix it.
As a general rule of thumb, the less additional or 3rd party software installed on your system, the higher chance for a successful upgrade, if you have installed any 3rd party software or manually installed software then you should check if this will upgrade with the rest of the system, in some cases you may need to remove the software prior to performing the upgrade.
Before starting the upgrade to Debian 10 you will need to ensure that your system is fully up-to-date
apt-get update
apt-get upgrade
apt-get dist-upgrade
Checks for partially installed, missing and obsolete packages.
dpkg -C
Check what packages are held back if any.
apt-mark showhold
Before proceeding make sure you don't have any issues with packages or packages on hold.
The system should now be fully updated with no issues with packages so we can now update the sources.list file with the Debian Stretch sources.
Make a backup the current /etc/apt/sources.list
cp /etc/apt/sources.list /etc/apt/sources.list_backup_`date +%Y-%m-%d_%H-%M`
Edit your sources.list file and update the keyword stretch
to buster
.
Stretch
deb http://ftp.uk.debian.org/debian stretch main
deb http://ftp.uk.debian.org/debian stretch-updates main
deb http://security.debian.org stretch/updates main
Buster
deb http://ftp.uk.debian.org/debian buster main
deb http://ftp.uk.debian.org/debian buster-updates main
deb http://security.debian.org buster/updates main
If you have other repos that need updating then you can do them to, here I have gitlab-ce so this was also updated
Gitlab CE repo list /etc/apt/sources.list.d/gitlab_gitlab-ce.list
Stretch
# this file was generated by packages.gitlab.com for
# the repository at https://packages.gitlab.com/gitlab/gitlab-ce
deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ stretch main
deb-src https://packages.gitlab.com/gitlab/gitlab-ce/debian/ stretch main
Buster
# this file was generated by packages.gitlab.com for
# the repository at https://packages.gitlab.com/gitlab/gitlab-ce
deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ buster...
]]>
apt install xrdp
apt install xserver-xorg-core
apt install xorgxrdp
adduser xrdp ssl-cert
vi /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" || action.id == "org.freedesktop.color-manager.create-profile" || action.id == "org.freedesktop.color-manager.delete-device" || action.id == "org.freedesktop.color-manager.delete-profile" || action.id == "org.freedesktop.color-manager.modify-device" || action.id == "org.freedesktop.color-manager.modify-profile") && subject.isInGroup("{group}"))
{
return polkit.Result.YES;
}
});
ufw allow from 192.168.1.0/24 to any port 3389
systemctl enable xrdp
systemctl restart xrdp
In some cases if you are running this remotely on a vps you may not want to have the machine go to sleep so you can disable this with.
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
or you can create a systemd config file /etc/systemd/sleep.conf.d/nosuspend.conf
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
]]>